Shibboleth Developers

I'm bringing up a new Solaris machine; it has both a Shib origin + 
target.... I'm currently having an SSL problem when the SHAR contacts 
the AA......

I've configured the origin (origin.xml), apache  1.3 + mod_ssl (via 
httpd.conf), and the shar (via shibboleth.xml) to all use the same 
key + cert.... all stored in flat  file PEM format. And  I have 
mod_ssl using the ca-bundle file I downloaded from IQ. My cert is 
signed by bossie.

the shar  log  says this:

2004-07-13 13:58:06 ERROR SAML.SAMLSOAPBinding [8] session_is_valid 
preFetch populate getNewResponse send send: failed while contacting 
SAML responder: SSL read: error:14094410:SSL 
routines:SSL3_READ_BYTES:sslv3 alert handshake failure, errno 0
2004-07-13 13:58:06 ERROR Shibboleth.ShibBinding [8] session_is_valid 
preFetch populate getNewResponse send: caught SAML exception during 
SAML attribute query: SAMLSOAPBinding::send() failed while contacting 
SAML responder: SSL read: error:14094410:SSL 
routines:SSL3_READ_BYTES:sslv3 alert handshake failure, errno 0
2004-07-13 13:58:06 ERROR shibtarget::InternalCCacheEntry [8] 
session_is_valid preFetch populate getNewResponse: caught SAML 
exception during query to AA: ShibBinding::send() unable to 
successfully complete attribute query

and the ssl_engine log says this:

[13/Jul/2004 11:01:18 06387] [error] Re-negotiation handshake failed: 
Not accepted by client!?
[13/Jul/2004 11:01:18 06387] [error] SSL error on writing data 
(OpenSSL library error follows)
[13/Jul/2004 11:01:18 06387] [error] OpenSSL: error:140890C7:SSL 
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a 
certificate [Hint: No CAs known to server for verification?]

suggestions?